Spyware maker Spytech Software hacked: data breach exposes thousands of remotely controlled devices
US spyware maker Spytech Software has been hacked. The Minnesota-based company, whose tools are used by relatives and law enforcement agencies, became a target of hackers and fell victim to a data breach. The hack, first reported by TechCrunch, exposed extensive details about the company’s remote surveillance operations and the thousands of devices it secretly monitors worldwide.
TechCrunch reported that it obtained the cache of files, taken from Spytech’s servers, from an anonymous source. According to TechCrunch, the files reveal the company’s covert activities and the devices targeted by its “stalkerware” products, including detailed activity logs from phones, tablets, and computers monitored by Spytech, with some records as recent as early June.
Spytech makes spyware for Windows, Mac, Android, and Chromebook platforms. The company is also known for its remote access applications. Spytech’s tools, often labeled as “stalkerware,” are used to monitor, control, and track users’ devices. While such software can be employed for legitimate purposes, like parental supervision or law enforcement, the scenario becomes problematic when such tools fall into the hands of hackers.
Spytech markets its software as a solution for monitoring children’s activities and tracking suspicious behavior in spouses or domestic partners. The company’s website even promotes its products for spousal surveillance, advertising the ability to “keep tabs on your spouse’s suspicious behavior.”
Though monitoring activities for children or employees can be legal, tracking a device without consent is a criminal offense. Both spyware developers and their clients have faced legal consequences for unauthorized surveillance.
Stalkerware programs are typically installed by individuals with physical access to a device, often with knowledge of the passcode. These applications are designed to remain hidden, making them difficult to detect and remove. Once active, the spyware collects and transmits keystrokes, screen interactions, web browsing history, and, for Android devices, precise location data to a remote dashboard controlled by the installer.
For over 24 years, Spytech has provided monitoring solutions for concerned parents and spouses. The company boasts that its “award-winning” SpyAgent software offers over 20 monitoring tools, promising to capture and report on every activity occurring on a computer via cloud and email-based logs.
The breach has revealed that Spytech’s spyware was capable of infecting a range of devices, including Android phones, Chromebooks, Macs, and PCs. The exfiltrated data includes information about more than 10,000 remotely controlled devices, with records dating back to 2013.
“The data shows that Spytech’s spyware — Realtime-Spy and SpyAgent, among others — has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide,” TechCrunch wrote.
TechCrunch’s review of the leaked data shows that most compromised devices are Windows PCs, followed by Android devices, Macs, and Chromebooks. Notably, the data logs were found to be unencrypted.
The analysis also found that many of the infected Android devices were located in Europe and the US. TechCrunch’s analysis of the mobile-only data shows substantial clusters of monitored devices concentrated in Europe and the United States, with smaller clusters in Africa, Asia, Australia, and the Middle East.
In a surprising twist, Spytech executive Nathan Polencheck was among those compromised, possibly due to installing the company’s own monitoring software on his personal device. When approached by TechCrunch, Polencheck claimed ignorance of the breach, despite the leaked data seemingly pinpointing his residence in Red Wing, Minnesota.
As of now, Spytech has not issued a public statement regarding the breach. The company may soon be required to notify affected customers or alert federal authorities in the US. Earlier this year, another spyware provider, pcTattletale, experienced a similar breach but chose to shut down operations without disclosing details to the public.